Merge branch 'security-fix-email-xss-master' into 'master'

Prevent an XSS vector in the add approver email Closes #375 See merge request gitlab/gitlab-ee!1120

Merge branch 'security-fix-email-xss-master' into 'master'
Prevent an XSS vector in the add approver email Closes #375 See merge request gitlab/gitlab-ee!1120
87948d55 · GitLab Release Tools Bot · 56122822 · ef854625 · 87948d55 · 87948d55
Commit 87948d55 authored Jul 26, 2019 by GitLab Release Tools Bot
2 changed files
--- a/ee/app/views/notify/add_merge_request_approver_email.html.haml
+++ b/ee/app/views/notify/add_merge_request_approver_email.html.haml
@@ -2,7 +2,7 @@
  %div
    #{link_to @updated_by.name, user_url(@updated_by)} added you as an approver for:
 %p.details
-  != merge_path_description(@merge_request, '&rarr;')
+  = merge_path_description(@merge_request, '→')

 - if @merge_request.assignees.any?
  %p

--- a/ee/changelogs/unreleased/security-fix-email-xss-master.yml
+++ b/ee/changelogs/unreleased/security-fix-email-xss-master.yml
+---
+title: Prevent an XSS vector in the add approver email
+merge_request:
+author:
+type: security